Category Archives: Projects

As part of an ongoing upgrade project for a very long-standing customer, this week saw the upgrade of their GroupWise system to 2014. The upgrade process went extremely smoothly, mostly down to the expertise of our friends at ST-Four. Webmail looks even better than ever, and the updated client software will be deployed to the new PCs as soon as they are rolled out.

GroupWise’s new web administration interface is a huge step forward, and even works remotely (via an SSH tunnel of course!), not to mention the fact that it’s extremely quick!

This one was slightly different from normal because of the very tight schedule required. Early morning starts and late finishes enabled us to upgrade four standalone servers from OES2 SP3 (SLES10 SP3) to OES11 SP1 (SLES11 SP2), add a node to each of two clusters, and then perform a rolling upgrade of the existing nodes with no user downtime at all!

As an aside, the upgrade to OES11 SP1 significantly improved the AFP performance and simplified its configuration by enabling the new LDAP subtree search feature, reducing the number of LDAP contexts from over 30 to just one!

Last week, I was involved in a very interesting project to deploy a Sophos (formerly Astaro) Remote Ethernet Device.

As mentioned here, the Sophos RED is a small (white) box that extends the reach of the Sophos UTM firewall to a remote site. Ingeniously, when deployed, it appears as another Ethernet interface on the UTM even though it’s physically located elsewhere on a different Internet connection. This means that you can do interesting things with it, such as VLANs, DHCP relay etc, and it’s all administered from the normal UTM web management interface! So, what did we do with it?

Well, we set it up with two VLANs, one for data, the other for voice. The switch at the remote site was also configured for both VLANs, and LLDP was configured to make sure that the devices come up on the correct VLAN. The Linux-based DHCP server at the main site services subnets for both VLANs, and the DHCP relay configuration in the UTM took care of getting the IP addresses to the remote devices. Firewall rules were set up to allow access from the remote site and we were ready to go.

We plugged in a laptop and it picked up an IP address, going well so far… Next was the phone. It booted up, grabbed an IP address from DHCP along with all the various Mitel settings and registered itself with the PBX! It’s very satisfying to pick up a phone and hear a dial tone – best not to think about the protocols involved or you might just get your LLDP mixed up with your L2TP and then where would you be??

Yesterday I completed the installation of a pair of Sophos UTM320s (formerly Astaro ASG320s) in active-passive configuration for a customer. The 320s are great machines, and v8 of the software is very slick.

This pair replaced an iptables firewall server and another Linux routing box. In doing so, we reduced the ruleset from about 250 iptables rules (in 8 chains) to a nice simple 45 rules, all configured with drag ‘n drop!

We also configured an SSL VPN solution and attached a (white) RED device for a branch office that will replace a VPN server!

High availability comes in many forms but a combination of clustering and virtualisation is always going to be interesting!

This customer has been using XEN in SLES for a while now and was looking for more redundancy. So when hardware renewal time came rolling around, we worked out that they could get three IBM x3550s for less than they had paid for their original x346!! Cluster time….

As they had been a SLES customer for a while and kept their maintenance going, they were automatically licensed for the HA Extension (it’s not exactly expensive anyway). We added a couple of decent sized QNAP NAS boxes with lots of disk in RAID 10 and set up iSCSI on dedicated switches. Next step, format the LUs with OCFS2, create the cluster resources for OCFS2 and we’re ready to go! The domUs were copied over from the old XEN hosts and tested locally. No problems there, so each XEN domU then became a cluster resource! The XEN daemons on the nodes and the resources were then configured for live migrate and the virtual machines can now migrate around the cluster without being shut down, yes, even the Windows ones as they have the Virtual Machine Driver Pack installed…